
Date:  Fri, 29 Dec 2006 17:20:35 -0500
From:  "Will Nordmeyer" <will (at mark) willspc.net>
Subject:  [coba-e:08414] Re: System hacked?!?!?
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <005701c72b97$908c2c30$6600a8c0 (at mark) hundredacrewood.willspc.net>
In-Reply-To:  <013201c72b7c$bf23ec10$3701a8c0@lapxp>
X-Mail-Count: 08414

Sorry about the HTML - right after I sent, I realized I was in HTML...

Services on:
Domain Name Service (DNS) Server
Email Servers
File Transfer Protocol (FTP) Server
MySQL Server
Server Desktop
Simple Network Management Protocol (SNMP) Server
Web Server

Netstat -an is attached.

The GUI shows Sendmail using 465 & Portsentry using 1524 & 31337.

Can I just chalk it up to false positives from chkrootkit?

--Will

________________________________________
From: Arthur Sherman [mailto:arturs (at mark) netvision.net.il]
Sent: Friday, December 29, 2006 2:09 PM
To: coba-e (at mark) bluequartz.org
Subject: [coba-e:08399] Re: System hacked?!?!?

please post in plain text - much easier to track the thread later.

port 456 could be open due to SMTPS, others could be different.

could you post here what services are on/off in GUI, and also output of 'netstat -an' ?

Best,
--
Arthur Sherman
+972-52-4878851
CPTeam

________________________________________
From: Will Nordmeyer [mailto:will (at mark) willspc.net]
Sent: Friday, December 29, 2006 12:59 PM
To: coba-e (at mark) bluequartz.org
Subject: [coba-e:08385] System hacked?!?!?

This morning's chkrootkit output is declaring that bindshell is infected - ports 465, 1524 & 31337. When I do a netstat -anup and grep for those ports, I see sendmail using 465 and portsentry using 1524 & 31337.

Am I getting a false positive? What else can I check?

I'm installing rootkithunter as we speak.

--Will
	

8414_2.txt (attachment)(tag is disabled)
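
The check described in this thread (map each port chkrootkit flags to the process that owns the socket) can be scripted. The following is an added example, not part of the original messages: the sample netstat lines are constructed, port 4000 is added only to show the non-matching case, and the expected-owner list is an assumption based on the services the post reports.

```shell
#!/bin/sh
# Constructed sample of `netstat -anp` output (not the poster's attachment).
SAMPLE='tcp  0 0 0.0.0.0:465    0.0.0.0:*  LISTEN  2211/sendmail: acce
tcp  0 0 0.0.0.0:1524   0.0.0.0:*  LISTEN  1980/portsentry
tcp  0 0 0.0.0.0:31337  0.0.0.0:*  LISTEN  1980/portsentry
udp  0 0 0.0.0.0:31337  0.0.0.0:*          1981/portsentry
tcp  0 0 0.0.0.0:4000   0.0.0.0:*  LISTEN  -'

# Expected owner per port: an assumption for this host, taken from the
# services the post reports (sendmail on 465, portsentry on 1524/31337).
EXPECTED='465=sendmail 1524=portsentry 31337=portsentry'

# triage_ports "<ports>": reads netstat -anp lines on stdin and prints
# "<proto> <port> <owner> <verdict>" for every socket bound to a flagged port.
triage_ports() {
  awk -v ports="$1" -v expected="$EXPECTED" '
    BEGIN {
      n = split(ports, p, " ")
      for (i = 1; i <= n; i++) flagged[p[i]] = 1
      n = split(expected, e, " ")
      for (i = 1; i <= n; i++) { split(e[i], kv, "="); want[kv[1]] = kv[2] }
    }
    $1 ~ /^(tcp|udp)/ {
      port = $4; sub(/^.*:/, "", port)          # local address -> port number
      if (!(port in flagged)) next
      if ($1 ~ /^tcp/ && $0 !~ /LISTEN/) next   # ignore established connections
      owner = "unknown"                         # "-" column: netstat ran without root
      for (i = 6; i <= NF; i++)
        if ($i ~ /^[0-9]+\//) {                 # PID/Program field
          owner = $i; sub(/^[0-9]+\//, "", owner); sub(/:$/, "", owner); break
        }
      verdict = (want[port] == owner) ? "expected" : "investigate"
      print $1, port, owner, verdict
    }'
}

printf '%s\n' "$SAMPLE" | triage_ports "465 1524 31337 4000"
```

A matching program name only shows which process holds the socket. Checking the binary behind that PID (for example via /proc/<pid>/exe) against the installed package is the follow-up step before calling the chkrootkit hit a false positive.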